MEMORANDUM
TO:
New Stony Brook Employees
FROM:
Beverly Rivera, University Registrar
RE:
Compliance Statement and Confidentiality of Student Records
DATE:
July 30, 2003
The University complies with applicable federal and state laws to manage student records and
protect the confidentiality and privacy of student information. All members of the campus community are
responsible to adhere to these policies and to follow good practices in handling paper or electronic student
records. As required by law, notice of these policies and of students' rights under federal law is given
annually to the campus community and is posted in the Registrar’s website.
Applicable regulations include, but are not limited to the following:




The Family Educational Rights and Privacy Act (FERPA) also known as the Buckley Amendment
The USA Patriot Acts (amendments to the FERPA Act)
NY State Law regarding the use of students’ social security number
University Policy on Student Access to Academic Records (P507R)
Highlights of the privacy laws:
The University is authorized to provide access to student records to campus officials and employees who have
legitimate educational interest in such access, without the student’s written consent. These persons are those who
have responsibilities in connection with campus academic, administrative or service functions and who have reason
for using student records connected with their campus or other related academic/administrative responsibilities as
opposed to a personal or private interest. Such determination is made on a case-by-case basis by the Registrar’s
Office.
With the exception of “Directory (Public) Information” (see below) student information must not
be transmitted by any University employee to anyone outside the University (including parents or
spouses) without the express written release by the student (as is the case of recommendation
letters or issuance of academic transcripts) or pursuant to a lawfully subpoena/order. Students may
complete a form authorizing the Registrar’s Office to permit non-University individuals (e.g., their parents or
spouses) to view their academic record.
Public information is called directory information and it includes the student’s name, local
address and telephone, E-mail address, date and place of birth, major field of study, year in school,
dates of attendance, degrees and dates awarded, awards and academic honors, most recent previous
educational institution attended, participation in officially recognized activities and sports, height
and weight of members of athletic teams. Students may complete a request to the Registrar’s Office to
suppress even directory information from being divulged.
In addition to FERPA, NY State legislation that became effective in 2001 specifically bars the display of a
student's social security number in a posting or public listing of grades, on class rosters or other lists
provided to teachers, on student identification cards, and in student directories or similar listings.
Only the Office of University Counsel coordinates responses to subpoenas, court orders or law enforcement
requests for student records. Employees receiving any such requests MUST contact University Counsel for
immediate action. Questions about the University's interpretation of the FERPA guidelines should be referred to the
University Counsel, 328 Administration, 2-6110.
HRSF0066 (07/04)
Page 1 of 2
www.stonybrook.edu/hr
Employee Acknowledgement and Compliance Statement
The following Acknowledgement and Compliance Statement is provided to protect employees and
students at The State University of New York at Stony Brook. Access to personnel, student, and
financial data contained within Stony Brook’s Information Systems and external SUNY Systems is
limited to those individuals whose position requires use of this information. By signing the statement
below, you are acknowledging your acceptance and adherence to the confidentiality requirements
imposed by federal and State law.
If you should ever be uncertain about what constitutes legitimate use or release of information, err on
the side of confidentiality and refer the inquiry to the Office of Legal Counsel.
I, _____________________________________ (print new employee name), understand that by
virtue of my position at The State University of New York at Stony Brook, may have access to data
which is confidential and is not to be disclosed to any person or entity without appropriate
authorization, subpoena, or court order. In order to protect myself and Stony Brook University
from legal action, I agree to adhere to the following guidelines:
1.
I understand and acknowledge that improper or inappropriate use of data in the University's
Information Systems is a violation of University procedures and it may also constitute a violation
of federal and state laws.
2. I will not provide confidential information to any individual or entity without proper authorization.
3. I will not review records or files for which I do not have authorization.
4. I will not remove confidential information from University facilities except as specifically
authorized to do so.
5. I will not make copies of any records or data except as specifically authorized in performance of
my duties.
6. I will not share my user id and password with anyone.
7. I will not use the data for personal use or for commercial purposes.
8. I will refer all requests for information from law enforcement governmental agencies and other
external entities to the Office of Legal Counsel.
9. I will refer external requests for all University statistical, academic or administrative data to the
Office of Institutional Studies.
10. I agree to report any unauthorized access to confidential data immediately to my supervisor.
11. I understand that any improper or inappropriate use of data in the University's Information
Systems may result in the removal of access privileges and could also result in disciplinary action.
Employee Compliance
Violators of this policy will be subject to the existing student or employee disciplinary procedures.
Sanctions may include the loss of computing privileges. Illegal acts involving Stony Brook computing
and networking resources may also subject users to prosecution by state and federal authorities.
I have read this acknowledgement and do hereby demonstrate my understanding and agreement to
abide by these guidelines by affixing my signature and the date below.
Signature: _______________________________
HRSF0066 (07/04)
Date: _________________________________
Page 2 of 2
www.stonybrook.edu/hr